Wired
A security researcher has confirmed that the built-in program of Apple’s loss prevention tag AirTag is rewritable, and has also released a demo video that changed the URL that can be accessed from AirTag in lost mode.
Also released a demo video that changes the behavior of AirTag
AirTag, released on April 30th, can be put into lost mode to access the “Search” website where you can check the owner’s contact information by holding an NFC-enabled smartphone over it.
Security researcher stacksmashing (@ghidraninja) reported on Twitter that he was able to break into the AirTag microcontroller and confirm that the program was rewritable.
By the way, it seems that the two AirTags became useless by the time they invaded the microcontroller.
Yesss !!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag!
/ cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph
— Stacksmashing (@ghidraninja) May 8, 2021
He also posted a video showing that it was possible to jump to any website by holding the modified AirTag in lost mode and holding the iPhone over it.
Built a quick demo: AirTag with modified NFC URL
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— Stacksmashing (@ghidraninja) May 8, 2021
9to5Mac, which reported the news, pointed out that these changes could be misused for phishing etc. in the future, and commented that Apple’s server-side measures are desired.
There are some doubts about the privacy protection function
AirTag has a privacy protection feature that warns you with the iPhone display and AirTag sound when it recognizes that an AirTag that isn’t yours is moving with you.
However, the Washington Post reports that AirTag is at risk of being misused for stalking.
In addition, iFixit has disassembled and verified AirTag, and cautioned that the speaker that makes the sound can be disabled relatively easily.
Source: 8-bit, 9to5Mac
(hato)
Source: iPhone Mania